Security Operations Lead

About The Position

Requirements

• Experience in mid-market or high-growth SaaS environments
• Experience supporting SOC 2, ISO 27001, or similar audits
• Familiarity with MITRE ATT&CK framework
• Experience building or maturing security operations functions
• Relevant certifications such as CISSP, GCIA, GCIH, or similar
• 7+ years of experience in security operations, incident response, or detection engineering
• Strong experience securing cloud-native SaaS environments, preferably AWS
• Hands-on experience with SIEM, EDR, vulnerability management, and cloud security tooling
• Deep understanding of attacker techniques and threat detection methodologies
• Experience leading incident response efforts
• Strong communication skills with the ability to translate technical risk into business impact

Responsibilities

• Security Monitoring and Detection
• Own and evolve Cleo’s detection and response strategy
• Lead daily monitoring of security events across cloud, endpoint, identity, and application layers
• Continuously tune detection rules to reduce noise and improve signal
• Ensure effective coverage across AWS, SaaS platforms, and corporate systems
• Leverage SIEM, EDR, and cloud-native tooling to improve visibility
• Incident Response and Containment
• Lead security incident investigations and coordinate cross-functional response
• Develop and maintain incident response playbooks
• Conduct post-incident reviews focused on systemic improvement
• Reduce mean time to detect and contain security events
• Partner with Legal, Compliance, and Leadership during material incidents
• Vulnerability and Exposure Management
• Oversee vulnerability scanning across infrastructure, endpoints, and cloud resources
• Prioritize remediation based on business risk
• Track critical vulnerability exposure windows
• Partner with Engineering and IT to drive timely remediation
• Cloud and Identity Security Operations
• Monitor and secure AWS accounts and cloud-native services
• Identify and remediate misconfigurations
• Strengthen identity and access management controls
• Collaborate with Cloud Security and Platform teams on guardrails
• Operational Metrics and Reporting
• Define and track security operations KPIs
• Report on detection efficacy, remediation timelines, and exposure trends
• Provide board-ready operational risk metrics
• Support audit and compliance evidence requirements
• Automation and Continuous Improvement
• Automate repetitive operational tasks
• Improve alert triage workflows
• Optimize tooling effectiveness and cost efficiency
• Reduce operational friction through process refinement
• Leadership and Collaboration
• Lead and mentor security analysts and engineers
• Partner closely with Engineering, IT, and Platform teams
• Contribute to the Security Champion and Guild initiatives
• Build a culture of proactive risk identification

Benefits

• Great Healthcare + Dental + Vision
• Flexible PTO
• Culture of support, encouraging Life-Work balance
• 401k match
• FSA and HSA options
• Employee Assistance Program
• Paid Parental Leave
• Representing a company with 4,000+ clients and a 99% retention rate
• Accelerated title and salary growth potential
• A fun and energetic work environment that makes you excited to go to work every day